From c17f14182f6f369af4357c874eed9b57dd103050 Mon Sep 17 00:00:00 2001
From: Stefan Andres <sandres@anaconda.com>
Date: Wed, 4 Dec 2024 11:23:17 +0100
Subject: [PATCH] Remove templated tls.enabled in probe

Signed-off-by: Stefan Andres <sandres@anaconda.com>
---
 charts/kargo/templates/api/deployment.yaml | 16 ----------------
 charts/kargo/values.yaml                   | 15 ++++++++++++++-
 2 files changed, 14 insertions(+), 17 deletions(-)

diff --git a/charts/kargo/templates/api/deployment.yaml b/charts/kargo/templates/api/deployment.yaml
index 5b7e1af4c..d611524c3 100644
--- a/charts/kargo/templates/api/deployment.yaml
+++ b/charts/kargo/templates/api/deployment.yaml
@@ -90,25 +90,9 @@ spec:
           {{- with .Values.api.probes.livenessProbe }}
           livenessProbe: {{- toYaml . | nindent 12 }}
           {{- end }}
-            exec:
-              command:
-                - /usr/local/bin/grpc_health_probe
-                - -addr=:8080
-{{- if .Values.api.tls.enabled }}
-                - -tls
-                - -tls-no-verify
-{{- end }}
           {{- with .Values.api.probes.readinessProbe }}
           readinessProbe: {{- toYaml . | nindent 12 }}
           {{- end }}
-            exec:
-              command:
-                - /usr/local/bin/grpc_health_probe
-                - -addr=:8080
-{{- if .Values.api.tls.enabled }}
-                - -tls
-                - -tls-no-verify
-{{- end }}
 {{- end }}
 {{- if or .Values.kubeconfigSecrets.kargo (and .Values.api.oidc.enabled .Values.api.oidc.dex.enabled) .Values.api.tls.enabled .Values.api.cabundle.configMapName .Values.api.cabundle.secretName }}
           volumeMounts:
diff --git a/charts/kargo/values.yaml b/charts/kargo/values.yaml
index f2de391d2..cb5965714 100755
--- a/charts/kargo/values.yaml
+++ b/charts/kargo/values.yaml
@@ -146,9 +146,22 @@ api:
     enabled: true
     livenessProbe:
       initialDelaySeconds: 10
-
+      exec:
+        command:
+          - /usr/local/bin/grpc_health_probe
+          - -addr=:8080
+          # Manually disable if TLS is not used
+          - -tls
+          - -tls-no-verify
     readinessProbe:
       initialDelaySeconds: 5
+      exec:
+        command:
+          - /usr/local/bin/grpc_health_probe
+          - -addr=:8080
+          # Manually disable if TLS is not used
+          - -tls
+          - -tls-no-verify
 
   tls:
     ## @param api.tls.enabled Whether to enable TLS directly on the API server. This is helpful if you do not intend to use an ingress controller or if you require TLS end-to-end. All other settings in this section will be ignored when this is set to `false`.